yoshiislandblog.net
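Scribbled notes from a former salesperson turned novice systems engineer, around thirty, written while playing with a Mac on days off. Studying every day. Progressing every day.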

This article was written more than three years ago, so its content may be out of date.

Kubernetes Super Introduction (Vagrant / CentOS7) - (4) Creating a Pod -

2019-10-15

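Creating a Pod

Continued from Kubernetes Super Introduction (Vagrant / CentOS7) - (3) Node Configuration -

In the Kubernetes environment built so far, let's create a Pod that provides an http service.

I understand a Pod as being, in vSphere terms, a cluster.
Picture the containers living inside the Pod.
A Pod can be created from a yaml file.

First, create a suitable working directory to hold the yaml file.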

$ mkdir pod_test
$ cd pod_test/

Create the yaml file.
The yaml file is the blueprint for building the pod.
This time, the Pod is created from an image called "httpd" (obtained from the redhat site).

$ vi pod-httpd.yaml
$ cat pod-httpd.yaml
apiVersion: v1
kind: Pod
metadata:
  name: httpd
  labels:
    app: httpd
spec:
  containers:
  - name: httpd
    image: httpd
    ports:
    - containerPort: 80

Create the Pod from the yaml file just written.

$ kubectl create -f pod-httpd.yaml
pod "httpd" created

On checking, it stays stuck in the creating state ("ContainerCreating") and does not progress.

$ kubectl get pods
NAME      READY     STATUS              RESTARTS   AGE
httpd     0/1       ContainerCreating   0          11s

Check the situation.

$ kubectl describe pods
Name:		httpd
Namespace:	default
Node:		kubenodea/192.168.33.11
Start Time:	Mon, 14 Oct 2019 08:31:02 +0000
Labels:		app=httpd
Status:		Pending
IP:
Controllers:	<none>
Containers:
  httpd:
    Container ID:
    Image:		httpd
    Image ID:
    Port:		80/TCP
    State:		Waiting
      Reason:		ContainerCreating
    Ready:		False
    Restart Count:	0
    Volume Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-831zm (ro)
    Environment Variables:	<none>
Conditions:
  Type		Status
  Initialized 	True
  Ready 	False
  PodScheduled 	True
Volumes:
  default-token-831zm:
    Type:	Secret (a volume populated by a Secret)
    SecretName:	default-token-831zm
QoS Class:	BestEffort
Tolerations:	<none>
Events:
  FirstSeen	LastSeen	Count	From			SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----			-------------	--------	------		-------
  55s		55s		1	{default-scheduler }			Normal		Scheduled	Successfully assigned httpd to kubenodea
  54s		14s		3	{kubelet kubenodea}			Warning		FailedSync	Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

  25s	2s	2	{kubelet kubenodea}		Warning	FailedSync	Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""

It says "/etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory".

Handled the error by referring to this page:
http://hylom.net/centos-redhat-registry-certs-error
The certificate needs to be installed.

* Some articles said to install "python-rhsm", but that did not work for me.

$ sudo yum -y install wget
$ sudo wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
$ sudo rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee redhat-uep.pem
$ sudo mv redhat-uep.pem /etc/rhsm/ca/

* Do this on the master server and on every node.
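The steps above fetch the package over plain HTTP, and the extracted file then becomes the CA that docker trusts for pulls from registry.access.redhat.com, so it is worth verifying the package before installing it on each node. The following is an added example, not part of the original post; the function name `install_ca_from_rpm` is hypothetical, and it assumes the distribution's RPM signing key is already imported and that `openssl` is installed.

```bash
#!/usr/bin/env bash
# Added example: verify the RPM and the extracted file before trusting it.
# Assumptions (not from the original post): the RPM signing key is already
# imported on the node, and rpm, rpm2cpio, cpio and openssl are installed.

# install_ca_from_rpm RPM MEMBER DEST   (hypothetical helper name)
# Returns 0 only if the package signature verifies and MEMBER parses as X.509.
install_ca_from_rpm() {
  local rpm_file="$1" member="$2" dest="$3" tmp
  # 1. Require a verified signature, not just matching digests.
  #    rpm 4.11 prints lowercase "pgp" when the signature checks out;
  #    newer rpm prints "digests signatures OK".
  if ! rpm -K "$rpm_file" 2>/dev/null | grep -Eq '(pgp|signatures).* OK$'; then
    echo "refusing: signature of $rpm_file not verified" >&2
    return 1
  fi
  tmp=$(mktemp) || return 1
  # 2. Extract only the one member we expect, into a temporary file.
  if ! rpm2cpio "$rpm_file" | cpio -i --quiet --to-stdout "$member" >"$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  # 3. The file must parse as a certificate; print what is about to be
  #    trusted so the same fingerprint can be compared across all nodes.
  if ! openssl x509 -in "$tmp" -noout -subject -enddate -fingerprint -sha256; then
    echo "refusing: $member is not an X.509 certificate" >&2
    rm -f "$tmp"
    return 1
  fi
  # 4. Install root-owned and read-only (run as root).
  install -o root -g root -m 0444 "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
  rm -f "$tmp"
}

# Usage on each node, as root, after sourcing this file:
#   install_ca_from_rpm python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm \
#     ./etc/rhsm/ca/redhat-uep.pem /etc/rhsm/ca/redhat-uep.pem
```

If the signature check fails, nothing is written to the destination, and the pod will keep reporting ErrImagePull until a verified certificate is in place.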

Once the certificate is on every node, go back to working on the master server.
Delete the Pod created earlier and try again.

$ kubectl delete pod httpd
$ kubectl create -f pod-httpd.yaml
pod "httpd" created

After a while, the status became "Running".

$ kubectl get pods
NAME      READY     STATUS              RESTARTS   AGE
httpd     0/1       ContainerCreating   0          17s
$ kubectl get pods
NAME      READY     STATUS    RESTARTS   AGE
httpd     1/1       Running   0          3m

The earlier error is gone as well.

$ kubectl describe pods
Name:		httpd
Namespace:	default
Node:		kubenodeb/192.168.33.12
Start Time:	Mon, 14 Oct 2019 09:46:15 +0000
Labels:		app=httpd
Status:		Pending
IP:
Controllers:	<none>
Containers:
  httpd:
    Container ID:
    Image:		httpd
    Image ID:
    Port:		80/TCP
    State:		Waiting
      Reason:		ContainerCreating
    Ready:		False
    Restart Count:	0
    Volume Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-831zm (ro)
    Environment Variables:	<none>
Conditions:
  Type		Status
  Initialized 	True
  Ready 	False
  PodScheduled 	True
Volumes:
  default-token-831zm:
    Type:	Secret (a volume populated by a Secret)
    SecretName:	default-token-831zm
QoS Class:	BestEffort
Tolerations:	<none>
Events:
  FirstSeen	LastSeen	Count	From			SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----			-------------	--------	------		-------
  10s		10s		1	{default-scheduler }			Normal		Scheduled	Successfully assigned httpd to kubenodeb

From "Node: kubenodeb/192.168.33.12" we can see that it is running on kubenodeb.

Log in to kubenodeb and check the containers.

% vagrant ssh kubenodeb
Last login: Mon Oct 14 09:44:38 2019 from 10.0.2.2
[vagrant@localhost ~]$ sudo docker ps -a
CONTAINER ID        IMAGE                                                        COMMAND              CREATED             STATUS              PORTS               NAMES
d54b9059dc91        httpd                                                        "httpd-foreground"   3 minutes ago       Up 3 minutes                            k8s_httpd.d6c52e8f_httpd_default_7f073335-ee67-11e9-a9fb-525400c9c704_82e5654e
1b9df3648786        registry.access.redhat.com/rhel7/pod-infrastructure:latest   "/usr/bin/pod"       3 minutes ago       Up 3 minutes                            k8s_POD.a8590b41_httpd_default_7f073335-ee67-11e9-a9fb-525400c9c704_a15faff0

The "kubectl get pod" command retrieves the Pod information.
* Check this on the machine where kubectl is configured (the master server in this case).

$ kubectl get pod httpd -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: 2019-10-14T09:46:29Z
  labels:
    app: httpd
  name: httpd
  namespace: default
  resourceVersion: "11120"
  selfLink: /api/v1/namespaces/default/pods/httpd
  uid: 7f073335-ee67-11e9-a9fb-525400c9c704
spec:
  containers:
  - image: httpd
    imagePullPolicy: Always
    name: httpd
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-831zm
      readOnly: true
  dnsPolicy: ClusterFirst
  nodeName: kubenodeb
  restartPolicy: Always
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  volumes:
  - name: default-token-831zm
    secret:
      defaultMode: 420
      secretName: default-token-831zm
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2019-10-14T09:46:15Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2019-10-14T09:47:10Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: 2019-10-14T09:46:29Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://d54b9059dc91472a17c0164194c9a5027d872236791cb365e75a40b9769fa032
    image: httpd
    imageID: docker-pullable://docker.io/httpd@sha256:39d7d9a3ab93c0ad68ee7ea237722ed1b0016ff6974d80581022a53ec1e58797
    lastState: {}
    name: httpd
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2019-10-14T09:47:10Z
  hostIP: 192.168.33.12
  phase: Running
  podIP: 172.17.41.2
  startTime: 2019-10-14T09:46:15Z

From "podIP: 172.17.41.2" we know the Pod's IP.
Try accessing the Pod over http.

% vagrant ssh kubenodeb
Last login: Mon Oct 14 09:50:19 2019 from 10.0.2.2
[vagrant@localhost ~]$
[vagrant@localhost ~]$ curl 172.17.41.2
<html><body><h1>It works!</h1></body></html>

We can see that http has started up without problems.

That's all.